Cylie is investigating a network breach at a state organization in Florida. She discovers that the intruders were able to gain access into the company firewalls by overloading them with IP packets. Cylie then discovers through her investigation that the intruders hacked into the company phone system and used the hard drives on their PBX system to store shared music files. What would this attack on the company PBX system be called?
A. Phreaking
B. Squatting
C. Crunching
D. Pretexting
When investigating a wireless attack, what information can be obtained from the DHCP logs?
A. The operating system of the attacker and victim computers
B. IP traffic between the attacker and the victim
C. MAC address of the attacker
D. If any computers on the network are running in promiscuous mode
Using Linux to carry out a forensics investigation, what would the following command accomplish? dd if=/usr/home/partition.image of=/dev/sdb2 bs=4096 conv=notrunc,noerror
A. Search for disk errors within an image file
B. Backup a disk to an image file
C. Copy a partition to an image file
D. Restore a disk from an image file
Which of the following techniques can be used to beat steganography?
A. Encryption
B. Steganalysis
C. Decryption
D. Cryptanalysis
When a user deletes a file or folder, the system stores the complete path, including the original filename, in a special hidden file called "INFO2" in the Recycled folder. If the INFO2 file is deleted, it is recovered when you ______________________.
A. Undo the last action performed on the system
B. Reboot Windows
C. Use a recovery tool to undelete the file
D. Download the file from Microsoft website
Billy, a computer forensics expert, has recovered a large number of DBX files during the forensic investigation of a laptop. Which of the following email clients can he use to analyze the DBX files?
A. Microsoft Outlook
B. Eudora
C. Mozilla Thunderbird
D. Microsoft Outlook Express
Which of the following is NOT physical evidence?
A. Removable media
B. Cables
C. Image file on a hard disk
D. Publications
Which of the following standards represents a legal precedent regarding the admissibility of scientific examinations or experiments in legal cases?
A. SWGDE and SWGIT
B. Daubert
C. Frye
D. IOCE
Investigators can use the Type Allocation Code (TAC) to find the model and origin of a mobile device. Where is TAC located in mobile devices?
A. International Mobile Equipment Identifier (IMEI)
B. Integrated circuit card identifier (ICCID)
C. International mobile subscriber identity (IMSI)
D. Equipment Identity Register (EIR)
Examination of a computer by a technically unauthorized person will almost always result in:
A. Rendering any evidence found inadmissible in a court of law
B. Completely accurate results of the examination
C. The chain of custody being fully maintained
D. Rendering any evidence found admissible in a court of law